none
Server 2012 R2 domain controller, issue with Hyper-V & teamed NIC

    Question

  • I have a Server 2012 R2 domain controller with a motherboard with a pair of 1GB NICs (nForce chipset), teamed. I added Hyper-V and, when I create a virtual switch named swTest (external, allow OS management sharing, resultant name is "vEthernet (swTest)"), the new vswitch appears to get the prior IP settings ok, but the server can only ping itself, not any Win7 workstations on the network, nor can they ping the server any more. The server's network icon in the sys tray shows no Internet connectivity any more, either. When I view the status of vEthernet, it says no network access for both IPv4 and IPv6 and packets are sending but not receiving. It's almost as if the server dropped off the network.  So if I then remove the vswitch, the teamed NIC's settings get restored ok and everything works normally (IPv4, UPv6, and Internet connectivity).

    Perhaps someone can spot if I've done something incorrectly? Or maybe I missed a step somewhere? (Like maybe I need to do something after adding the vswitch?)

    PS I have screenshots to assist with my description above, but I can't seem to upload them in any way.


    • Edited by Silicon Dragon Sunday, February 12, 2017 6:48 AM can't upload screenshots
    Sunday, February 12, 2017 6:46 AM

All replies

  • Are you using the NIC Teaming on Host (Server 2012 R2 domain controller) as you are using the 2 NICs?

    Are you assigned the IP on Both NIC on Host.

    Pl. also check the Which NIC you are selected in External Network.

    Sunday, February 12, 2017 7:08 AM
  • Are you using the NIC Teaming on Host (Server 2012 R2 domain controller) as you are using the 2 NICs?

    Are you assigned the IP on Both NIC on Host.

    Pl. also check the Which NIC you are selected in External Network.

    The DC has 2 physical NICs, teamed for bandwidth aggregation, so only the "teamed NIC" has an IP assigned; by design, the physical NICs no longer have active bindings which allow for IP assignments. (I've used this teamed NIC just fine for eons.) Because the server is a DC, using multi-homing is a really bad idea so the NICs have to either be teamed or 1 has to be disabled (I believe that's a DNS issue).

    When creating the vswitch (External), only the teamed NIC is available in the dropdown; this is as it should be, according to TechNet docs.

    When I try pinging a workstation, I get "Destination host unreachable" and vice-versa. Once teamed, the 2 NICs are unavailable because they no longer have IPs, though they are listed in Network Connections, of course.

    Sorry, I have screenshots of all this, only I'm not allowed to post them here. (What an absolutely wonderful TechNet feature that is!)


    Sunday, February 12, 2017 6:44 PM
  • Hi Silicon,

    Have you tried to update the NIC driver?

    >>I have a Server 2012 R2 domain controller with a motherboard with a pair of 1GB NICs (nForce chipset), teamed. I added Hyper-V and

    It is not a recommended configuration. We'd better not install other roles on domain controller.

    If you disable one NIC and use the other one to create virtual switch, is it still the same?

    Besides, ensure there are no physical network devices blocking the network traffic.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 13, 2017 2:20 AM
    Moderator
  • You should NOT be running both Hyper-V and Domain Controller software on the same physical instance of Windows.  You should be running the DC as a VM on your Hyper-V host.

    When asking for assistance on IP connectivity, it is always helpful to post the text output from ipconfig /all for the problematic machine and for a working machine.  It helps us understand the network you are working with.


    . : | : . : | : . tim

    Monday, February 13, 2017 1:35 PM
  • Hi Silicon,

    Have you tried to update the NIC driver?

    >>I have a Server 2012 R2 domain controller with a motherboard with a pair of 1GB NICs (nForce chipset), teamed. I added Hyper-V and

    It is not a recommended configuration. We'd better not install other roles on domain controller.

    If you disable one NIC and use the other one to create virtual switch, is it still the same?

    Besides, ensure there are no physical network devices blocking the network traffic.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    This is a small network (1 server, a half dozen Win7 workstations), thus the 1 server is the DC. It has current drivers for everything (NICs use the chipset drivers), has dual quad Opterons and plenty of RAM, so a single server is sufficient. I've run VMWare VMs for years just fine, have only decided recently to switch to Hyper-V and am now regretting it.

    Removing teaming on the NICs and disabling 1 NIC is not trivial, though not difficult. I'd consider it if you could provide sufficient reasoning for doing so?

    Monday, February 13, 2017 4:07 PM
  • You should NOT be running both Hyper-V and Domain Controller software on the same physical instance of Windows.  You should be running the DC as a VM on your Hyper-V host.

    When asking for assistance on IP connectivity, it is always helpful to post the text output from ipconfig /all for the problematic machine and for a working machine.  It helps us understand the network you are working with.


    . : | : . : | : . tim

    Actually, official Microsoft documentation said to NOT install a DC as a VM, though maybe they've changed their stance in the last 5+ years? I originally had the DC running as a VM under ESXi but neither VMWare nor Microsoft would provide support for me, so I removed ESXi and rebuilt the DC as the host and ran my other VMs under VMWare Server.

    I captured the ipconfig output with a screenshot along with a few other screenshots (e.g. vswitch config), only to find out that I'm not allowed to post screenshots. Is there a place where I can post my screenshots for people to see?


    • Edited by Silicon Dragon Monday, February 13, 2017 4:13 PM clarification
    Monday, February 13, 2017 4:11 PM
  • Hi,

    Looking at Leo's response above when you create the NIC team but lose connectivity is this true on both NIC's?

    When you have created the team and assigned the IP address have you tried disabling each NIC independently via explorer to see if the issue is simply with a single interface?

    You can copy/paste the output of ipconfig /all as text.



    Monday, February 13, 2017 5:24 PM
  • Actually, official Microsoft documentation said to NOT install a DC as a VM, though maybe they've changed their stance in the last 5+ years?

    What? I built my first virtualized DC on an ESX cluster in 08 or 09, and built my next three virtualized DCs on Hyper-V in 2010. I've never had anyone refuse support or even suggest that my support status was in jeopardy. Where is this documentation?

    One thing that has changed in the last 5 years is the WMI provider for Hyper-V. It has its own security model, for which there is no public documentation. We do know that it has at least some interaction with the local Administrators group and the local Hyper-V Administrators group. Local groups don't exist on a domain controller. As far as we laypeople are concerned, the security behavior of a Hyper-V host that has also been made a domain controller is "undefined".

    But, there are two things here. Whether or not you virtualize the DC is a separate discussion. Making a Hyper-V host a domain controller falls squarely in the "don't ever do that" column. From your problem description it sounds mostly like you've upset your physical switch somehow, but you'll still be playing with fire if you sort that out.


    Eric Siron
    Altaro Hyper-V Blog
    I am an independent contributor, not an Altaro employee. I accept all responsibility for the content of my posts. You accept all responsibility for any actions that you take based on the content of my posts.

    Monday, February 13, 2017 5:50 PM
  • Hi Silicon,

    Assign an IP address to "vEthernet (swTest))" adapter on your physical host (Server 2012 R2 DC) from same subnet you are using for other Windows 7 machine (Very Important).

    It should work. If it doesn't send me your IP address configuration of all machines (Win 7 and vEthernet (swTest)) adapter ).

    If this help, mark it as answer.

    / Karim

    Monday, February 13, 2017 5:53 PM
  • Hi,

    Looking at Leo's response above when you create the NIC team but lose connectivity is this true on both NIC's?

    When you have created the team and assigned the IP address have you tried disabling each NIC independently via explorer to see if the issue is simply with a single interface?

    You can copy/paste the output of ipconfig /all as text.



    If you disable a physical NIC that's teamed, it simply drops out of the team, reverting to the single NIC which contains the same IP config and still doesn't function. I wish I could disable a NIC from the host's perspective but make it active from Hyper-V's perspective. A DC can't have 2 active NICs w/o causing all sorts of DNS issues. If there were some way to enable the 2nd NIC just for Hyper-V use, I'd be golden. :) Except for halving my bandwidth. :(
    Monday, February 13, 2017 9:59 PM
  • Hi Silicon,

    Assign an IP address to "vEthernet (swTest))" adapter on your physical host (Server 2012 R2 DC) from same subnet you are using for other Windows 7 machine (Very Important).

    It should work. If it doesn't send me your IP address configuration of all machines (Win 7 and vEthernet (swTest)) adapter ).

    If this help, mark it as answer.

    / Karim

    I can't...the bindings for both IPv4 and IPv6 are disabled; that occurs when the vswitch is created and the bindings are added to the new vswitch.
    Monday, February 13, 2017 10:01 PM
  • Notice that Karim said to set the setting on the vEthernet, not the physical NIC.  The vEthernet is the virtual NIC created on the host when you define a virtual switch on the physical NIC and tell Hyper-V to share the switch with the host OS.

    "Removing teaming on the NICs and disabling 1 NIC is not trivial"

    I believe the instruction to disable one of the NICs came after you posted the output of ipconfig and it showed two separate NICs, not a teamed NIC.  Two separate NICs on a DC is another thing that is never recommended.  As for teaming, you should be able to team NICs without any issue.  Once teamed, the NIC is presented to the OS as a single NIC.

    I'm getting confused going through the list of all the things you have done/haven't done.  Here is a summary of what you should do.

    Move your DC to a virtual machine, i.e. do NOT run DC and Hyper-V on the same physical instance.

    Use only a single NIC on your DC.

    If you want to use teamed NICs, define the team before creating a virtual switch on the team.


    . : | : . : | : . tim

    Tuesday, February 14, 2017 12:01 AM
  • To help isolate the issue, I deleted the teamed NIC, disabled 1 of the 2 physical NICs, verified full connectivity, created the vswitch (only the 1 enabled NIC showing, of course), and everything works, only at half the bandwidth. /shrug

    For giggles, I removed the vswitch, re-enabled the 2nd NIC, recreated the teamed NIC, recreated a vswitch, and again, no network connectivity at all. I can ping localhost only and IP config settings are all correct when compared to a pre- and post-text dump.

    Because there could be issues with a DC + Hyper-V combo on the same host and I heard back from VMware about ESXi running a DC in a VM is actually fine, I'm going to go back to using ESXi, run the DC in 1 VM and everything else in add'l VMs. That's actually easy since it's my original configuration and I retained an image of the host's drive, so I just need to pop the drive back in the box and begin patching the OSs. /sigh

    Sure would've been nice to use Hyper-V again, but gawd what a PITA it is. And ESXi "just works". :)

    Thanks y'all.

    Tuesday, February 14, 2017 1:24 AM
  • Sure would've been nice to use Hyper-V again, but gawd what a PITA it is. And ESXi "just works".

    Yep, I can say the exact same thing about Hyper-V because that is what I am familiar with.  I am sure I would have similar problems with ESXi while learning it. <grin>


    . : | : . : | : . tim

    Tuesday, February 14, 2017 1:27 PM